• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

HIPAA Consult


Answers to your questions about...paper record disposal; deceased patients and privacy; rights of a surviving spouse; faxes and the security rule

A Although HIPAA doesn't dictate precisely how you should discard old records, it does say that the method you use should effectively protect patient privacy. So, for example, some practices use locked trash bins for paper containing protected medical information, and then contract with a vendor to shred or incinerate this material after removal.

Deceased patients and privacy Q I've been told that the HIPAA privacy rule no longer applies after a patient dies. Is this correct?

Although broad, these rights are not unlimited. For example, access to psychotherapy notes (notes maintained by a mental health professional separate from the medical record) may be denied. Doctors may also deny access to the patient's medical record if they or another licensed healthcare professional believe it's reasonably likely that granting such access will endanger someone's life or physical safety. If you do deny access, the patient's personal representative retains the right to appeal the denial to a neutral third party.

Rights of a surviving spouseQ Does a spouse have unlimited access to a deceased patient's medical record?

A No. A spouse is entitled to access a deceased patient's records only if he or she is the executor or administrator of the estate, or is otherwise authorized to act on its behalf. In such cases, the spouse must be treated as a personal representative with the same rights as the patient.

Faxes and the security rule Q Are faxes containing protected health information regulated by the HIPAA security rule?

A No. Regular paper faxes aren't considered protected health information under the rule, which only covers information in electronic form. But when someone requests information from a computer, through either a voice or telephone keypad command, and that request is returned as a fax, the communication is covered under the security rule. This isn't because "faxbacks," as they are known, have computers in them but because they are used as an input and output device for computers.

According to the government, "employment of telephone voice response and/or faxback systems will generally require security protection by only one of the parties involved, but not the other." The party that must protect the information is the one responding to the request, since the information she is returning is "already in electronic form and stored in a computer."

Margaret M. Davino (
) is a healthcare attorney with Kaufman Borgeest & Ryan, in New York City.

This department answers common HIPAA-related questions. It isn$apos;t intended to provide specific legal advice. Please submit questions via e-mail to, or by regular mail to Medical Economics, 5 Paragon Drive, Montvale, NJ 07645, ATTN: HIPAA CONSULT. If we select your query, we'll address it in an upcoming issue. Your name will not be used.

Related Videos
Jennifer N. Lee, MD, FAAFP
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health
© National Institute for Occupational Safety and Health